none
Public CRL vs Internal CRL DirectAccess Clients

    Question

  • Do we need public CRL for Windows 10 clients only?

    We do not plan support ever Windows 7 clients therefor we would like to use only private (internal) PKI infrastructure and not having any external dependency from 3rd party CA.

    Saturday, June 16, 2018 7:48 AM

Answers

  • As far as I know, the public CRL is not absolute requirement for DA clients, they will use internal CRL while connecting via DA. 

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    • Marked as answer by Paul.SP Monday, July 9, 2018 7:56 AM
    Monday, June 18, 2018 12:45 PM

All replies

  • Hi,

    What do you mean by Public CRL? 3rd party?
    You can use you own PKI for DirectAccess but for me, you always need to publish the CRL.

    If you clients are outside your network, they need to check if the certificate has not been revoked.

    Gérald



    Monday, June 18, 2018 7:21 AM
  • As far as I know, the public CRL is not absolute requirement for DA clients, they will use internal CRL while connecting via DA. 

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    • Marked as answer by Paul.SP Monday, July 9, 2018 7:56 AM
    Monday, June 18, 2018 12:45 PM
  • After successful deployment I can confirm that there is no clear information in the MS documentation if this is the case when you deploy only Windows 10.

    To be clear there is no need to have public CRL when you deploy DirectAccess for Windows 10 clients.

    Monday, July 9, 2018 7:56 AM